JHymn Goes Behind Atoms and Apple To Bring DRM-Free Music
Software / OSDir Original Date: Jan 27, 2005 - 09:00 AM
By Howard Wen
http://osdir.com/PrintArticle3823.phtml

Like all matter in the universe, MPEG-4 files are also made of "atoms" -- the term given to the set of nested data that makes up the structure of an MPEG-4 file. Atoms are key to the way the audio and video data within an MPEG-4 file are accessed. They figure in how Apple's digital rights management (DRM) scheme is used to protect music file purchases from its iTunes Music Store. (Apple uses the AAC file format; AAC is the audio layer in MPEG-4 files.) Atoms also factor in how hymn is able to "scrub" protected AAC files of Apple's DRM.

hymn is a decryption program based on the work of Jon Lech Johansen, who first reverse-engineered Apple's DRM scheme (called "FairPlay"). The original author of the hymn code, which he released under the GNU General Public License, has never come forward, and prefers to remain anonymous.

The current maintainer of hymn goes by the handle "FutureProof," who describes himself as "older than 30" and living "someplace where there's a lot of snow outside now" (the interview with him below was conducted in January). By profession, he works as a software engineer. He developed JHymn, a more user-friendly Java implementation of the original command-line version of hymn. His present goals for the project are to improve the JHymn user interface and how effectively it removes the FairPlay DRM.

FutureProof spoke with us about the continuing development of hymn/JHymn, and explained what other tricks Apple has up its sleeve to cripple files purchased from the iTunes Music Store that the user has decrypted.

OSDir.com: What have been the recent legal actions, if any, that Apple has tried to take against the hymn project?

FP: Things have been quiet. I'm thinking that hymn has figured less into Apple's latest actions than their efforts against Real's Harmony project, with hymn and its derivatives simply being regarded as collateral damage.

OSDir.com: Basically, how does Apple's DRM for the iTunes Music Store work?

FP: In a protected file, the "mp4a" atom -- part of a standard AAC file -- is replaced by a non-standard, proprietary "drms" atom. This contains the same basic information about a song as the "mp4a" atom, plus the identity of the purchaser and some of the cryptographic information needed to decrypt the music. The actual decryption key needed to decrypt the music is not stored here, however, but merely an indicator as to which key -- among many possible keys -- assigned to a particular user should be used.

Once you have found the needed key, you apply that key, using AES decryption, to the data in the "mdat" atom, which, in an unprotected file, contains all of the raw AAC audio sample data.

Apart from this, there are various atoms added beyond what you'd find in an unprotected AAC file, such as an "apID" atom, which marks music files with the iTunes Music Store ID of the purchaser.

OSDir.com: Does hymn actually decrypt the DRM, or does it technically work another way?

FP: Yes, the music is actually decrypted. Unlike, say, burning a song to a CD and re-ripping it, you don't lose any sound quality when you can access the original data in decrypted form.

OSDir.com: What do you think is the biggest technical weakness of Apple's DRM technology?

FP: The weakness of any DRM scheme: Any encrypted audio or video is worthless until it is decrypted. If you can hear the music, if you can see the picture, you have been given the means to decrypt the once-encrypted information. Whatever your ears can hear and your eyes can see can certainly be recorded again, without encryption, by electronic means.

[Screenshot caption: JHymn is a more user-friendly Java implementation of the original command-line version of hymn. Note the entries listed under "Unwanted atoms" -- these tags are embedded within a protected AAC file and are key to making Apple's FairPlay DRM work.]

OSDir.com: As you've been working on hymn, have you learned anything interesting about the DRM technology that Apple uses?

FP: Although I've learned a good deal about the theory of DRM, and a little bit about the particular practice of DRM in Apple's case, I'm not actually much of an expert on the subject to comment on this. Someone else has broken the code; I'm just refining and improving the process. Should Apple update their DRM, it will probably be someone like Jon Lech Johansen who does the heavy lifting to crack it yet again.

OSDir.com: Apple has taken advantage of the fact that hymn does not strip away, by default, the user's own unique ID that is attached to music files that he/she has purchased from the iTunes Music Store. The company uses this information to prevent files which have been "de-DRM'ed" with hymn from being played whenever they release a new version of iTunes. How exactly is it that they have been able to do this whenever they release a new iTunes update?

FP: There's encryption, and then there's "watermarking." It's easier to remove encryption than watermarking. The original author of hymn preferred to leave the user's ID in unlocked files, as a sign that he wasn't promoting piracy. I've been working on removing the watermarking, however, now that I've seen it can, and will, be used against us.

JHymn seems to have done a pretty good job of removing that watermarking, but additional watermarks are cached outside of the protected files themselves, in the iTunes Library database, perhaps on the iPod itself.

Watermarking can be much more clever than encryption. Whether Apple implements some of the trickier methods of watermarking is yet to be seen. At any rate, once DRM has been successfully removed from a file, you do have in your possession at that point a perfectly "valid" AAC file that should play anywhere. Only Apple's software iTunes is going to be looking for Apple's watermarking. You'll still have a file that can be played by any other AAC-compatible software or hardware.

OSDir.com: To clarify, does this mean that a de-DRM'ed file should play on another computer -- but it might not on the computer which was used to originally purchase the music, because of these watermarks that linger on throughout the original computer?

FP: There's a problem where the iTunes database (and possibly your iPod, too) retains some info that a song had had DRM. The end result is kind of like "watermarking," but I don't know if it could be properly called such. This situation prevents you from playing the song with iTunes, or transferring it to your iPod, and only on your own computer.

Actual in-file watermarking (like the "geID" atom that caused problems when iTunes 4.6 came out) would stop your iTunes music from playing on anyone's computer, not just your own, but only via iTunes or QuickTime. Any other AAC decoders or players have no reason to look for Apple's special markings, nor any reason to want to enforce them. The files output by hymn and JHymn are perfectly good AAC files, which should be playable by any player which conforms with the AAC standards.

OSDir.com: Right now, hymn users must scrub out the unique identifiers from their purchased music, so that the files will play under the current version of iTunes. Is there a way that Apple could still prevent such music files from playing?

FP: I think my previous response pretty much answers this question: Yes, by detecting various forms of watermarking that haven't been removed, because we don't know they are there to be removed.

OSDir.com: So have things gotten to a point where a future version of hymn will need to, by default, scrub out the user's ID from the music files?

FP: If Apple decides to use the presence of a user ID as a tool against us, then, yes, removing such information could become a default action.

OSDir.com: What is now the recommended way to de-DRM one's iTunes Music Store song files with hymn/JHymn, in order to avoid the watermarks and other means that Apple recently implemented to prevent de-DRM'ed files from playing?

FP: I'd advise people who haven't updated to iTunes 4.7.1 to hold off for a bit. If they have already updated, or need to (perhaps to use a nice new iPod shuffle), they should use the latest version of JHymn to scrub their files -- not just the files that are still protected, but the files that have already been unprotected by earlier versions of JHymn.

There are still some potential problems until the next version of JHymn comes out, but some helpful (if somewhat tedious) work-arounds exist in the meantime, which are discussed in the hymn-project.org forums. These work-arounds basically involve removing any troublesome song from iTunes and re-adding it to iTunes, or otherwise coaxing iTunes into rebuilding its database, and doing so in a way to preserve as much of your iTunes set-up as possible, like playlists and song ratings.

OSDir.com: What do you have to say in response to those who take issue with hymn? I'm thinking about end users, like iPod/Apple fans, who insist Apple's DRM is "no big deal" and what you're doing is "wrong" -- not the music labels, who obviously don't like things like hymn?

FP: What I say is that all I'm trying to do is get the same flexibility to use my music that I'd have if I purchased a CD and ripped it myself, and that my efforts aid piracy no more than the existence of CDs aid piracy. You run into problems using third-party products like EyeHome and Squeezebox and losing authorizations when computers break or crash.

As DRM schemes go, Apple's is, I must say, one of the best for end users. But that's like saying "the handcuffs are mighty comfortable handcuffs."

OSDir.com: What are the future plans for hymn? Any new significant developments for the next immediate version?

FP: The biggest thing will be improvements in how the iTunes Music Library gets updated, to help with problems seen due to iTunes 4.7.1. Beyond that, I have some improved convenience features in mind, and improving the code dealing with conversion to the MP3 format. I imagine that some users will happily choose to accept the loss of a little bit of sound quality due to AAC-to-MP3 conversion, and perhaps the loss of CD artwork, in order to turn their iTunes purchases into a format which should be much safer from further assault by future versions of iTunes and the iPod.

OSDir.com: Do you own an iPod?

FP: "Only" three of them: one that has been relegated to portable hard drive duty; one that lives in my car most of the time for use with my Alpine head unit, which has a nice iPod interface; and a new iPod photo.

Obviously, I rather like my iPods. And my G5 PowerMac. And my G4 PowerBook. And the nearly 900 songs I've purchased via iTunes. Apple should be quite happy to have customers like me.

Perhaps it's just wishful thinking, but I don't imagine Steve Jobs -- not that his desires completely determine what Apple does -- wanting to push too hard on strengthening Apple's DRM. Any such push, if it does come, will likely come from the music industry, not Apple.

Howard Wen is a freelance writer who has contributed frequently to O'Reilly Network and written for Salon.com, Playboy.com, and Wired, among others.
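
The nested atom layout described in the interview can be inspected with a short walker. This is an added example, not code from hymn, JHymn or the article: it lists every atom in an MPEG-4 file and reports the "drms", "apID" and "geID" atoms the interview names, without touching the audio data. The container list, the header sizes for "meta" and "stsd", the function names, and the constructed sample file are assumptions based on the ISO base media file format, not details given on the page.

```python
import struct

# Atoms whose payload is just a run of child atoms (ISO base media file format).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"udta", b"ilst"}
# Atoms with a fixed header before their children: "meta" has version/flags
# (4 bytes, iTunes-style MP4); "stsd" has version/flags plus entry count (8).
PREFIXED = {b"meta": 4, b"stsd": 8}
# Atom names and meanings as given in the interview.
FLAGGED = {"drms": "protected sample entry in place of mp4a",
           "apID": "iTunes Music Store ID of the purchaser",
           "geID": "in-file marking that caused problems with iTunes 4.6"}

def walk(buf, start=0, end=None, path=""):
    """Yield (path, offset, size) for each atom, recursing into containers."""
    end = len(buf) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1 and pos + 16 <= end:   # 64-bit size follows the type
            size, header = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:                     # atom extends to end of parent
            size = end - pos
        if size < header or pos + size > end:
            break                           # truncated or malformed: stop here
        here = f"{path}/{kind.decode('latin-1')}"
        yield here, pos, size
        if kind in CONTAINERS:
            yield from walk(buf, pos + header, pos + size, here)
        elif kind in PREFIXED:
            yield from walk(buf, pos + header + PREFIXED[kind], pos + size, here)
        pos += size

def report(buf):
    """Return {path: meaning} for the flagged atoms present in buf."""
    return {p: FLAGGED[p[-4:]] for p, _, _ in walk(buf) if p[-4:] in FLAGGED}

def atom(kind, payload=b""):
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def build_sample(entry, tags=()):
    """Constructed skeleton file (no real audio, keys or account data)."""
    stsd = atom(b"stsd", struct.pack(">II", 0, 1) + atom(entry, b"\0" * 28))
    trak = atom(b"trak", atom(b"mdia", atom(b"minf", atom(b"stbl", stsd))))
    ilst = atom(b"ilst", b"".join(atom(t, atom(b"data", b"\0" * 8 + b"x")) for t in tags))
    udta = atom(b"udta", atom(b"meta", b"\0" * 4 + ilst))
    return atom(b"ftyp", b"M4A \0\0\0\0") + atom(b"moov", trak + udta) + atom(b"mdat", b"\0" * 16)
```

Calling `report(open(path, "rb").read())` on a real file returns the path of each flagged atom, which shows whether a file still carries a purchaser identifier before it is shared or archived.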
